Updated firefox packages fix security vulnerabilities
Publication date: 17 May 2018
Modification date: 17 May 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-5150, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178
Description
Updated firefox packages fix security vulnerabilities:
Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150).
Mozilla: Backport critical security fixes in Skia (CVE-2018-5183).
Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).
Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).
Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
(CVE-2018-5157).
Mozilla: Malicious PDF can inject JavaScript into PDF Viewer
(CVE-2018-5158).
Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).
Mozilla: Lightweight themes can be installed without user interaction
(CVE-2018-5168).
Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through
legacy extension (CVE-2018-5178).
Rootcerts has been updated to 20180411.
References
- https://bugs.mageia.org/show_bug.cgi?id=23031
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2018:1415
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
SRPMS
6/core
- firefox-52.8.0-1.mga6
- firefox-l10n-52.8.0-1.mga6
- nss-3.28.6-1.4.mga6
- rootcerts-20180411.00-1.mga6